Massive iPhone, iPad ID breach linked back to Florida company

A Florida company says it – and not the FBI – was the target of a breach last week.

ByMatthew ShaerSeptember 10, 2012

An Apple logo is reflected in the screen of an Apple iPad at an electronics store in Mumbai, India. Earlier today, BlueToad, a Florida company, said a database of iPad and iPhone IDs had been breached by hackers.

Last week, AntiSec, a "hacktivist" group associated with Anonymous, released a trove of Apple Unique Device Identifiers, or UDIDs – digital bar codes for iPhones and iPads, basically. AntiSec said the UDIDs – it said it had 12 million in all – had been nabbed from the computer of an FBI agent. The FBI subsequently maintained that there was "no evidence" of a breach, and Apple said it hadn't coughed up the UDIDs to the FBI in the first place.

So what was the real source of the leak? A small Florida digital publishing company called BlueToad, apparently. (The BlueToad site has been offline for hours, likely a result of all the press attention, so don't bother.) In interviews and statements today, BlueToad executives said they had found 98 percent correlation between the UDIDs on the AntiSec list and the UDIDs in its own files (hat tip to Ars Technica).

According to CNN, BlueToad "works with 5,000 to 6,000 publishers to repurpose their content on various devices." Many of those devices are Apple devices, which explains why BlueToad had the UDIDs. But in a statement obtained by the AP, company president Paul DeHart said BlueToad would cease to use the codes altogether. He also stressed that his company did not have access to more specific user data.